how to config cisco 3550 about 802.1x with vlan assignment

Discussion in 'Cisco' started by brent, Oct 15, 2003.

  1. brent

    brent Guest

    as title
    pls tell me. thx
     
    brent, Oct 15, 2003
    #1
    1. Advertisements

  2. brent

    Dalgaard Guest

    Dalgaard, Oct 15, 2003
    #2
    1. Advertisements

  3. brent

    jmarkotic Guest

    Configured it couple of days ago. Here is important stuff.

    aaa authentication dot1x default group radius none
    dot1x system-auth-control
    !
    interface FastEthernet0/3
    switchport mode access
    dot1x port-control auto
    dot1x guest-vlan 2
    spanning-tree portfast
    !
    radius-server host 192.168.0.151 auth-port 1812 acct-port 1813 key sifra

    On radius you define following attributes for user/or group:
    Tunnel-Type[64]=VLAN
    Tunnel-Medium-Type[65]=802
    Tunnel-Private-Group-Id[81]=name_of_vlan(not vlan id)

    and that's it.
    I had to download new IOS for 3550 to get it done properly.

    hth,
    jmarkotic
     
    jmarkotic, Oct 15, 2003
    #3
  4. I read your reply with interest, as I have previously struggled with getting
    the 3550 send RADIUS queries to the RADIUS server. With the newest IOS this
    seems to be taken care of, and they have now implemented guest VLAN's on the
    3550 too. That is great, but I cannot quite figure out where on the RADIUS
    server to configure the attributes you give. In my case I use the Cisco ACS
    server but your reply may give me a clue anyway.

    Regards, Harald Haugan
     
    Harald Haugan, Oct 20, 2003
    #4
  5. brent

    jmarkotic Guest

    Go to "Interface Configuration", that go to "Radius IETF".
    Check atrributes that you want (64, 65, 81) for user and/or group.
    After that, those attributes will show under user/group IETF radius
    attributes.

    cheers,
    j

     
    jmarkotic, Oct 22, 2003
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.